[nsp] Suggestions on tracking down bandwidth offenders

Olav Langeland Olav.Langeland at activeisp.com
Thu Jul 15 03:00:42 EDT 2004


> -----Original Message-----
> From: Tony Mucker [mailto:Tony at tonymucker.com]
> Sent: 14. juli 2004 19:24
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] Suggestions on tracking down bandwidth offenders
> 
> I've got a bandwidth problem (who doesn't).  Something has been
> saturating my poor little T1 for 24 hours straight now.  For those of
> you curious, here's what it looks like:
> 
> http://www .ghideon.com/router-day.png
> 
> Remove the white space and enjoy.  In the past I've used ethereal
> dumps
> to figure out who the big talkers were, but frankly it takes too long
> to
> crunch all the packets.  I've also tried etherApe, but the analysis
> makes my poor little laptop crawl.  Are there any tools out there that
> will speed this up?  Possibly by looking at the firewall logs?

One way is http://www.ntop.org which is a good tool to have in any case,
it can show toptalkers by IP and broken down in protocol etc. Install it
on a *NIX/Windows machine and either port monitor/SPAN the router
switchport or use netflow from the router and fire it up. 

Or you can get some IP accounting package running, these are just some
grabbed from freshmeat.net:
http://freshmeat.net/projects/ipacco/
http://ipac-ng.sourceforge.net/
http://freshmeat.net/projects/ipstat/

Or get MRTG/Cacti/RTG in there and monitor all your switchports, with a
nice overview picture of all the graphs you can easily spot the main
offender. 

Good luck :)

Regards
Olav Andreas Langeland 




More information about the cisco-nsp mailing list